Re: [patch] Add design document for UBIFS secure deletion

From: Artem Bityutskiy
Date: Wed Mar 21 2012 - 12:07:27 EST


On Mon, 2012-03-19 at 17:54 +0100, Joel Reardon wrote:
> Design document should be self-explanatory.
>
> Signed-off-by: Joel Reardon <reardonj@xxxxxxxxxxx>
>
> ---
> Documentation/filesystems/ubifsec.txt | 358 +++++++++++++++++++++++++++++++++
> 1 files changed, 358 insertions(+), 0 deletions(-)
> create mode 100644 Documentation/filesystems/ubifsec.txt
>
> diff --git a/Documentation/filesystems/ubifsec.txt b/Documentation/filesystems/ubifsec.txt
> new file mode 100644
> index 0000000..4eb41fb
> --- /dev/null
> +++ b/Documentation/filesystems/ubifsec.txt
> @@ -0,0 +1,357 @@
> +UBIFS Secure Deletion Enhancement
> +
> +Written by Joel Reardon <reardonj@xxxxxxxxxxx>
> +Last revised: 19.3.2012
> +
> +Introduction
> +============
> +UBIFSec provides efficient secure deletion for the flash file system UBIFS.
> +Trivial secure deletion by overwriting the deleted data does not work for
> +flash memory, as there is a large difference between the size of the I/O unit
> +(page) and the erasure unit (erase block).

I think for correctness you should use the term "LEB" everywhere, not
"eraseblock".

> UBIFSec encrypts each data node
> +with a distinct key and stores the keys colocated in a key storage area (KSA).
> +Secure deletion is achieved by atomically updating the (small) set of erase
> +blocks that constitute the KSA to remove keys corresponding to deleted data,
> +thereby deleting the data nodes they encrypted.
> +
> +Key Storage Area (KSA)
> +======================
> +UBIFSec uses a small migrating set of erase blocks to store all the data

"Migrating" set? To me it sounds like the KSA area changes the position
withing the UBI volume. I'd suggest to remove word "migrating".

> +node's keys---this set is called the Key Storage Area (KSA). The KSA is
> +managed separately from the rest of the file system. In particular, it does
> +not behave like a log-structured file system: when a KSA erase block is
> +updated, its contents are written to a new erase block

s/to a new erase block/to a new KSA LEB/ ?

> , the logical reference
> +to the KSA block is updated, and the previous version of the KSA erase block
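Review bot: the three-step KSA update described here ("its contents are written to a new erase block, the logical reference to the KSA block is updated, and the previous version of the KSA erase block" is presumably erased) leaves the power-cut ordering unspecified, and the introduction's claim of "atomically updating the (small) set of erase blocks that constitute the KSA" rests on exactly that ordering. Please state which step makes a deletion effective (a key is only gone once the old LEB has actually been erased, not once the new copy or the reference has been written), what the invariant is if power is lost between writing the new LEB and updating the reference, or between updating the reference and erasing the old LEB, and how mount-time recovery detects and completes a half-done KSA update. Until the old copy is erased, both versions of the keys exist on flash, so the document should not call the update atomic without saying what makes it so.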

s/KSA block/KSA LEB/ ?

Also, it is not clear what the "logical reference" is - it would be nice to
introduce this notion before using it.

--
Best Regards,
Artem Bityutskiy
